Remove refs to non-existent types package
This commit is contained in:
James Mills
@@ -12,7 +12,6 @@ import (
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"git.mills.io/prologic/spyda/internal/passwords"
|
||||
"git.mills.io/prologic/spyda/types"
|
||||
)
|
||||
|
||||
// ContextKey ...
|
||||
@@ -180,91 +179,3 @@ func (a *API) PingEndpoint() httprouter.Handle {
|
||||
_, _ = w.Write([]byte(`{}`))
|
||||
}
|
||||
}
|
||||
|
||||
// AuthEndpoint ...
|
||||
func (a *API) AuthEndpoint() httprouter.Handle {
|
||||
// #239: Throttle failed login attempts and lock user account.
|
||||
failures := NewTTLCache(5 * time.Minute)
|
||||
|
||||
return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
|
||||
req, err := types.NewAuthRequest(r.Body)
|
||||
if err != nil {
|
||||
log.WithError(err).Error("error parsing auth request")
|
||||
http.Error(w, "Bad Request", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
username := NormalizeUsername(req.Username)
|
||||
password := req.Password
|
||||
|
||||
// Error: no username or password provided
|
||||
if username == "" || password == "" {
|
||||
log.Warn("no username or password provided")
|
||||
http.Error(w, "Bad Request", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
// Lookup user
|
||||
user, err := a.db.GetUser(username)
|
||||
if err != nil {
|
||||
log.WithField("username", username).Warn("login attempt from non-existent user")
|
||||
http.Error(w, "Invalid Credentials", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
// #239: Throttle failed login attempts and lock user account.
|
||||
if failures.Get(user.Username) > MaxFailedLogins {
|
||||
http.Error(w, "Account Locked", http.StatusTooManyRequests)
|
||||
return
|
||||
}
|
||||
|
||||
// Validate cleartext password against KDF hash
|
||||
err = a.pm.CheckPassword(user.Password, password)
|
||||
if err != nil {
|
||||
// #239: Throttle failed login attempts and lock user account.
|
||||
failed := failures.Inc(user.Username)
|
||||
time.Sleep(time.Duration(IntPow(2, failed)) * time.Second)
|
||||
|
||||
log.WithField("username", username).Warn("login attempt with invalid credentials")
|
||||
http.Error(w, "Invalid Credentials", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
// #239: Throttle failed login attempts and lock user account.
|
||||
failures.Reset(user.Username)
|
||||
|
||||
// Login successful
|
||||
log.WithField("username", username).Info("login successful")
|
||||
|
||||
token, err := a.CreateToken(user, r)
|
||||
if err != nil {
|
||||
log.WithError(err).Error("error creating token")
|
||||
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
user.AddToken(token)
|
||||
if err := a.db.SetToken(token.Signature, token); err != nil {
|
||||
log.WithError(err).Error("error saving token object")
|
||||
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if err := a.db.SetUser(user.Username, user); err != nil {
|
||||
log.WithError(err).Error("error saving user object")
|
||||
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
res := types.AuthResponse{Token: token.Value}
|
||||
|
||||
body, err := res.Bytes()
|
||||
if err != nil {
|
||||
log.WithError(err).Error("error serializing response")
|
||||
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
_, _ = w.Write(body)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user